Information Assurance and Security

ASTi has a proven, long-term commitment to safeguarding protected information. ASTi develops and maintains a complete spectrum of security and Information Assurance (IA) solutions. All ASTi products are built upon a solid security foundation and meet numerous government accreditation standards. Since 2005, ASTi products have continuously held US Government IA accreditations through successive programs, including the current Risk Management Framework (RMF), so you can rest assured that ASTi has your system covered today and in the future.

RMF Approved

ASTi's Voisus product line is accredited with Authorization To Operate (ATO) status in compliance with the Risk Management Framework (RMF) for DoD Information Technology (IT).

Hardening Scripts & Patches

ASTi’s IA scripts and patches eliminate all DISA high- and medium-severity vulnerabilities. The simple installation process relieves system administrators of difficult, time-consuming IA management chores, freeing them to perform other critical tasks.

IA Maintenance

ASTi’s IA Maintenance program is the ideal solution for customers requiring rigorous IA controls, conformance to DoD standards, and OS patch management throughout the product’s life. IA Maintenance is bundled with Software Maintenance, which also includes the latest ASTi software features and fixes.

Government Accreditation

Additional IA statements and approvals are available for Certificate of HBSS Compliance, TEMPEST Countermeasure Review (TCR), RoIP Cross Domain Solution (CDS) Determination, and Emission Security (EMSEC) Determination.

Clear & Helpful Reports

ASTi processes the raw STIG, SCAP, and scan reports for easy analysis. These reports break outstanding Potential Discrepancy Items (PDIs) into lists of open, false-positive, and waiver items.

ASTi's current-generation server products are based on Red Hat® Enterprise Linux®, the most certified operating system available today. The IA Maintenance Program is an ideal security solution for customers who require even more rigorous IA controls, conformance to DoD standards, and OS patch management over the product's life cycle.

Applicable Product Lines:

  • Telestra Server and Studio
  • Voisus
  • Comms Logger
  • SERA

Features

The IA Maintenance program is only available for U.S. DoD/government customers and foreign military sales under export control as an add-on to ASTi’s Software Maintenance program. IA updates will be received in tandem with base software updates through ASTi Software Maintenance. IA Maintenance specific features include:

  • Facilitating RMF ATO, HBSS Compliance, and other IA approvals
  • Red Hat / RHEL, 3rd party and open source IA software updates provided
  • Simple and intuitive installation and verification process
  • Expediting the DAA approval process through easy-to-read reports and manifests
  • Ease of renewal on anniversary date
  • System manifest that defines the packages that have been approved and tested by ASTi
  • IA scripts to eliminate all DISA high- and medium-severity vulnerability codes and a majority of the lower severity items
  • Breakdown of STIG Benchmark Non-Compliance PDIs into a detailed open, false positive and waiver listing for analysis and use by the DAA with ASTi's SCAP Non-Compliance Supplement Report
  • Consistent IA tool testing to ensure ASTi application software is constantly updated with the latest security enhancements and the core integrity of the system (i.e. Communications) is maintained

Government Accreditation of ASTi Products

ASTi products are accredited with Authorization To Operate (ATO) status in compliance with the Risk Management Framework (RMF) for DoD Information Technology (IT). Additional IA Statements and Approvals include:

  • Certificate of Host Based Security System (HBSS) Compliance
  • TEMPEST Countermeasure Review (TCR)
  • RoIP Cross Domain Solution (CDS) Determination
  • Emission Security (EMSEC) Determination

Deliverables and Schedule

  • One to three years of coverage to ensure that the customer's server systems receive critical security updates
  • Quarterly IA releases against latest STIG
  • Monthly Critical IAVA patches available for download

Customer Responsibilities

ASTi's IA Maintenance program eliminates a majority of the IA vulnerabilities. However, due to unique IA requirements at various customer sites, ASTi cannot ship systems that are ready to connect to any network. Typically, additional IA-related actions must be implemented, post-delivery, by the customer. These actions include:

  • Setting non-guessable passwords
  • Creating specific user accounts as required
  • Installing additional IA tools as required (e.g. virus scanner, IDS)
  • Reviewing audit logs
  • Maintaining specific physical security requirements (e.g. locks, guards, alarms)
  • Having an active Software Maintenance Contract (purchased separately or bundled with IA Maintenance)

Export Regulations

ASTi Software is provided quarterly and gives the user access to the latest ASTi feature set. IA and OS updates are also provided quarterly and give the user access to the latest hardening scripts, patches, IA Package Overview, and system manifests. These quarterly software updates and technical data are controlled under the U.S. Export Administration Regulations (EAR). If you export or re-export these items, you are responsible for complying with the EAR and applicable U.S. export law. Diversion of these items contrary to U.S. law is prohibited.

Additional documentation that is not provided by default each quarter may also be requested based on need. Examples of such documentation include SCAP and/or STIG reports, ACAS/NESSUS scan reports, Coverity Security Reports, Risk Management Framework (RMF) documentation packages, and/or government points of contact. Please note that these additional documentation examples may have control or handling restrictions above and beyond those of the EAR, such as USML ITAR or CUI. Contact support@asti-usa.com for additional information.